Sunday, February 22, 2015

To get a good grade in ssllabs.com very easy to stay just follow the steps below.

Changes to the file with the command
pico /etc/httpd/conf.d/vhost_domain-name.conf

Find the line: <VirtualHost *: 443>

add below: Strict-Transport-Security "max-age = 63072000;"

or if using SSL wildcard: Strict-Transport-Security "max-age = 63072000; includeSubDomains"

Then see row after: SSLEngine on

If there is no add the following code:

SSLCompression on
SSLHonorCipherOrder on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On

see also browse SSLCipherSuite

fox with the following code:
SSLCipherSuite EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!MEDIUM:!SEED:!3DES:!CAMELLIA:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4